Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Egress IP fixes #16866

Merged
merged 3 commits into from
Oct 20, 2017
Merged

Egress IP fixes #16866

merged 3 commits into from
Oct 20, 2017

Conversation

danwinship
Copy link
Contributor

  1. Further IP address validation, from Don't allow claiming node IP as egress IP #16779 (comment)
  2. Fix OVS VXLAN ingress rule to not filter out remote node egress IP traffic, fixing https://bugzilla.redhat.com/show_bug.cgi?id=1501876

@danwinship danwinship added component/networking kind/bug Categorizes issue or PR as related to a bug. sig/networking labels Oct 13, 2017
@openshift-merge-robot openshift-merge-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 13, 2017
@openshift-ci-robot openshift-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 13, 2017
pravisankar
pravisankar reviewed Oct 13, 2017
View reviewed changes
pkg/network/node/egressip.go Outdated
@@ -269,6 +270,12 @@ func (eip *egressIPWatcher) claimEgressIP(egressIP, egressHex string) error {

for _, addr := range addrs {
if addr.IP.String() == eip.localIP {
_, eip.localEgressNet, err = net.ParseCIDR(addr.IPNet.String())
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why to run this for every claim?
We know localIP during egressIPWatcher intialization. We could populate localEgressNet in Start() before calling the HostSubnet/NetNamespace watch.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't, we only run it on the first claim. (There's an "if eip.localEgressLink == nil" around the whole thing.) I don't remember why I did it that way rather than initializing it from Start() but maybe I should change that...

@openshift-ci-robot openshift-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Oct 13, 2017
pravisankar
pravisankar reviewed Oct 13, 2017
View reviewed changes
Copy link

@pravisankar pravisankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor nit, otherwise LGTM

pkg/network/node/egressip.go Outdated
@@ -71,6 +71,10 @@ func newEgressIPWatcher(localIP string, oc *ovsController) *egressIPWatcher {
}

func (eip *egressIPWatcher) Start(networkClient networkclient.Interface, iptables *NodeIPTables) error {
if err := eip.findEgressLink(); err != nil {
return fmt.Errorf("Could not find egress network interface: %v", err)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*could (start with lower case)

@danwinship
Copy link
Contributor Author

/retest

knobunc
knobunc approved these changes Oct 18, 2017
View reviewed changes
Copy link
Contributor

@knobunc knobunc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
Thanks Dan

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 18, 2017
@openshift-merge-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danwinship, knobunc

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@pravisankar
Copy link

/test extended_conformance_gce

@danwinship
Copy link
Contributor Author

/retest

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-merge-robot
Copy link
Contributor

Automatic merge from submit-queue.

@openshift-merge-robot openshift-merge-robot merged commit 747a173 into openshift:master Oct 20, 2017
@danwinship danwinship deleted the egress-ip-fixes branch November 9, 2017 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pravisankar pravisankar pravisankar left review comments

@knobunc knobunc knobunc approved these changes

Assignees

@pravisankar pravisankar

@knobunc knobunc

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. component/networking kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. sig/networking size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@danwinship @openshift-merge-robot @pravisankar @openshift-bot @knobunc @openshift-ci-robot